Page 4 of 20 results (0.005 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateTxtview.php. • https://github.com/594238758/mycve/blob/main/judging-management-system/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php. • https://github.com/594238758/mycve/blob/main/judging-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1

Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php. • https://github.com/angelopioamirante/CVE-2023-24317 http://judging.com http://sourcecodester.com https://packetstormsecurity.com/files/170205/Judging-Management-System-1.0-Shell-Upload.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2

Judging Management System v1.0.0 was discovered to contain a SQL injection vulnerability via the username parameter. Se descubrió que Judging Management System v1.0.0 contenía una vulnerabilidad de inyección SQL a través del parámetro de nombre de usuario. • https://github.com/sudoninja-noob/CVE-2022-46623 https://github.com/sudoninja-noob/CVE-2022-46623/blob/main/CVE-2022-46623 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

A cross-site scripting (XSS) vulnerability in Judging Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter. Una vulnerabilidad de cross-site scripting (XSS) en Judging Management System v1.0 permite a los atacantes ejecutar scripts web o HTML de su elección a través de un payload manipulado inyectado en el parámetro de nombre. • https://github.com/sudoninja-noob/CVE-2022-46622 https://github.com/sudoninja-noob/CVE-2022-46622/blob/main/CVE-2022-46622 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •